Description
Is your feature request related to a problem? Please describe.
The nest filter allows us to nest given fields under a given key.
This filter takes a wildcard property, so we can only nest keys which match this pattern.
This works well if all keys to nest match a given wildcard. However, if one wants to exclude some keys, there is no simple way to do this.
Let's imagine we have the input JSON:
{
"message": "simple log generated",
"logger": "my.logger",
"level": "INFO",
"hostname": "localhost",
"my_map_of_attributes_1": {
"key_1": "hello, world!",
"key_2": "goodbye, world!"
},
"my_map_of_maps_1": {
"root_key": {
"sub_key_1": "hello, world!",
"sub_key_2": "goodbye, world!"
}
},
"an_unknown_key": "hello, world!",
"another_unknown_key": "goodbye, world!"
}...and we want to lift any keys unless they are to be excluded. In this case, we would want to nest everything except
- message
- logger
- hostname
- level
- my_map_of_*
...and end up just nesting an_unknown_key and another_unknown_key.
It is possible to achieve the desired outcome by using the add_prefix and remove_prefix, and "juggling" the keys around, but it is a mess.
Describe the solution you'd like
Add a config property wildcard_exclude, which operates like wildcard, except it will make a negative match
Describe alternatives you've considered
As noted above, the outcome is already achiveable, but doing a lot of nest / lift + add_prefix / remove_prefix operations.
It is also quite easy to do with a LUA script, with the associated complexity etc
Additional context
This is of particular use for using the structured_metadata_map_keys config of the Loki output, where we want to collect "unknown" keys into a map.